I am concerned about the recent bug affecting Skylake and Kaby Lake gen Intel processors - https://lists.debian.org/debian-devel/2017/06/msg00308.html
As BIOS updates aren't yet available from many mobo manufacturers, how can we Qubes users best defend ourselves against an exploit? In this post I am hoping to reach out to someone who may be able to comment on how we can best configure our platforms until a fix is available. Following the advice in the linked Debian advisory, I have disabled hyper-threading in the BIOS settings. My questions are as follows: 1) When I check /proc/cpuinfo in dom0, 'ht' remains listed as a flag (capability). Running $ lscpu in dom0 indicates that 'Threads per core: 1' so I assume the BIOS has in fact disabled hyper-threading. Is this correct, or should the flag also disappear when functionality is disabled in BIOS settings? 2) Is it safe to run multiple VCPUs (up to the number of physical cores) for each Guest VM. Or, in light of this bug, should we only be using a single VCPU for each guest? Many thanks in advance. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to email@example.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/129571500992085%40web5j.yandex.ru. For more options, visit https://groups.google.com/d/optout.